Amendments to the Claims 
Please amend claims 1-2, 6-11, 16-22, 27-31, 36-42, 44, 47-51, and 56-58 as follows: 

1 . (Currently Amended) A computer-implemented method for virtualizing super- 
user privileges in a computer operating system including multiple virtual private servers, the 
method comprising: 

associating a user with a virtual private server, the virtual private server comprising a 

plurality of actual processes; 
designating the user as a virtual super-user; 

intercepting a system call, mad e by th e us e r, for which actual sup e r us e r privil e g e s ar e 
r e quired; and 

intercepting a call to the operating svstem for which actual super-user privileges are 

required, the call made by a process located in the computer svstem, the process 
owned bv the user; and 

in response to the intercepted syst e m call call to the operating system pertaining to the 
virtual private server associated with the user: 
granting actual super-user privileges to the user; and 
allowing execution of the syst e m call call to the operating system . 

2. (Currently Amended) The method of claim 1 , further comprising: 
withdrawing the actual super-user privileges from the user after execution of the syst e m 

eall call to the operating system . 

3 . (Previously Presented) The method of claim 1 , wherein designating comprises: 
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assigning a virtual super-user identifier to the user. 

4. (Previously Presented) The method of claim 3, wherein the virtual super-user 
identifier comprises a super-user identifier and an indication of the virtual private server. 

5. (Previously Presented) The method of claim 1, wherein designating comprises: 
assigning a user identifier to the user; and 

storing the user identifier and an indication of the virtual private server of the user in a 
virtual super-user list. 

6. (Currently Amended) The method of claim 1, wherein granting comprises: 
assigning a super-user identifier to the virtual sup e r us e r user . 

7. (Currently Amended) The method of claim 1 , wherein the intercepted syst e m call 
call to the operating system comprises a syst e m call call to the operating svstehi for accessing a 
file. 

8. (Currently Amended) The method of claim 7, wherein the intercepted syst e m call 
call to the operating system pertains to the virtual private server associated with the user when 
the file to be accessed is associated with the virtual private server. 
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9. (Currently Amended) The method of claim 1 , wherein the intercepted syst e m call 
call to the operating system comprises a syst e m call call to the operating system for terminating a 
process. 

10. (Currently Amended) The method of claim 9, wherein the intercepted syst e m call 
call to the operating system pertains to the virtual private server associated with the user when 
the process to be terminated is associated with the virtual private server. 

1 1 . (Currently Amended) The method of claim 1 , wherein the intercepted syst e m call 
call to the operating system comprises a syst e m call call to the operating system for terminating 
all processes associated with the virtual private server, the method further comprising: 

identifying each process associated with the virtual private server; and 
terminating each identified process. 

12. (Previously Presented) The method of claim 11, wherein a data structure stores 
associations between processes and virtual private servers, and wherein identifying comprises: 

identifying each process by its association with the virtual private server in the data 
structure. 

13. -15. (Cancelled) 

16. (Currently Amended) The method of claim 1, further comprising: 
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responsive to the intercepted syst e m call call to the operating system not pertaining to the 
virtual private server associated with the user, disallowing execution of the syst e m 
eaU call to the operating system . 

1 7. (Currently Amended) The method of claim 1, further comprising: 

responsive to the intercepted syst e m call call to the operating system comprising a syst e m 
eaU call to the operating system for inserting a module into an operating system 
kemel, disallowing execution of the system call call to the operating system . 

18. (Currently Amended) The method of claim 1, wherein allowing comprises: 
executing the system cull call to the operating system . 

19. (Currently Amended) The method of claim 1, wherein intercepting the syst e m call 

call to the operating system comprises: 
loading a system call wrapper; 

saving a pointer to the system call call to the operating system ; and 

replacing the pointer to the system call call to the operating system with a pointer to the 

system call wrapper, such that the system call wrapper is executed when the 

syst e m call call to the operating system is invoked. 

20. (Currently Amended) The method of claim 19, wherein the pointer to the first 
syst e m call call to the operating system comprises a system call vector. 
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2 1 . (Currently Amended) A computer program product for virtualizing super-user , 
privileges in a computer operating system including multiple virtual private servers, the computer 
program product comprising: 

program code for associating a user with a virtual private server, the virtual private server 

comprising a plurality of actual processes; 
program code for designating the user as a virtual super-user; 

program codo for int e rc e pting a system call, mad e by th e us e r, for which actual sup e r us e r . 

privileges ar e r e quir e d; and 
program code for intercepting a call to the operating svstem for which actual super-user 

privileges are required, the call made by a process located in the computer system, 

the process owned by the user: and 
program code for determining that th e int e rcept e d system call p e rtains to the virtual 

privat e s e rver asGociated with th e us e r, granting actual super-user privileges to the 

user, and allowing execution of the syst e m call call to the operating system, in 

response to the intercepted call to the operating system pertaining to the virtual 

private server associated with the user . 

22. (Currently Amended) The computer program product of claim 21, further 

comprising: 

program code for withdrawing the actual super-user privileges from the user after 
execution of the syst e m call call to the operating system . 
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23 . (Previously Presented) The computer program product of claim 2 1 , wherein 
program code for designating comprises: 

program code for assigning a virtual super-user identifier to the user. 

24. (Previously Presented) The computer program product of claim 23, wherein the 
virtual super-user identifier comprises a super-user identifier and an indication of the virtual 
private server. 

25 . (Previously Presented) The computer program product of claim 2 1 , wherein 
program code for designating comprises: 

program code for assigning a user identifier to the user; and 

program code for storing the user identifier and an indication of the virtual private server 
of the user in a virtual super-user list. 

26. (Previously Presented) The computer program product of claim 2 1 , wherein 
program code for granting comprises: 

program code for assigning a super-user identifier to the user. 

27. (Currently Amended) The computer program product of claim 2 1 , wherein the 
intercepted syst e m call call to the operating system comprises a system call call to the operating 
system for accessing a file. 
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28. (Currently Amended) The computer program product of claim 27, wherein the 
intercepted syst e m call call to the operating system pertains to the virtual private server 
associated v^ith the user when the file to be accessed is associated with the virtual private server. 

29. (Currently Amended) The computer program product of claim 21, wherein the 
intercepted syst e m call call to the operating system comprises a system call call to the operating 
system for terminating a process. 

30. (Currently Amended) The computer program product of claim 29, wherein the 
intercepted system call call to the operating system pertains to the virtual private server 
associated with the user when the process to be terminated is associated with the virtual private 
server. 

3 1 . (Currently Amended) The computer program product of claim 2 1 , wherein the 
intercepted syst e m call call to the operating system comprises a syst e m call call to the operating 
system for terminating all processes associated with the virtual private server, the computer 
program product further comprising: 

program code for identifying each process associated with the virtual private server; and 
program code for terminating each identified process. 

32. (Previously Presented) The computer program product of claim 3 1 , wherein an 
association data stmcture stores associations between processes and virtual private servers, and 
wherein program code for identifying comprises: 
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program code for identifying each process by its association with the virtual private server 
in the association data structure. 

33.-35. (Cancelled) 

36. (Currently Amended) The computer program product of claim 21 , further 

comprising: 

program code for disallowing execution of the syst e m call call to the operating system in 
response to the intercepted system call call to the operating system not pertaining 
to the virtual private server associated with the user. 

37. (Currently Amended) The computer program product of claim 2 1 , further 

comprising: 

program code for disallowing execution of the syst e m call call to the operating system in 
response to the intercepted syst e m call call to the operating system comprising a 
system call call to the operating system for inserting a module into an operating 
system kernel. 

38. (Currently Amended) The computer program product of claim 21 , wherein 
program code for allowing comprises: 

program code for executing the syst e m call call to the operating system . 
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39. (Currently Amended) The computer program product of claim 2 1 , wherein 
program code for intercepting the syst e m call call to the operating system comprises: 

program code for loading a system call wrapper; 

program code for saving a pointer to the syst e m call call to the operating system ; and 
program code for replacing the pointer to the syst e m call call to the operating system with 
a pointer to the system call wrapper, such that the system call wrapper is executed 
when the system call call to the operating system is invoked. 

40. (Currently Amended) The computer program product of claim 39, wherein the 
pointer to the first system call call to the operating system comprises a system call vector. 

41 . (Currently Amended) A system for virtualizing super-user privileges in a 
computer operating system including multiple virtual private servers, the system comprising: 

a virtual super-user designation module for associating a user with a virtual private 

server, the virtual private server comprising a plurality of actual processes, and for 
designating the user as a virtual super-user; dnd 

a system call wrapper for intercepting a syst e m call, mad e by tho us e r, for which actual 
P i iipor us e r privil e g e s are r e quir e d a call to the operating system for which actual 
super-user privileges are required, the call made by a process located in the 
computer system, the process owned by the user, and, in response to the 
intercepted syst e m call call to the operating system pertaining to the virtual private 
server associated with the user, granting actual super-user privileges to the user 
and allowing execution of the syst e m call call to the operating system . 
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42. (Currently Amended) The system of claim 41, wherein the system call wrapper is 
further configured to withdraw the actual super-user privileges from the user after execution of 
the syst e m call call to the operating system . 



43. (Previously Presented) The system of claim 41 , wherein the virtual super-user 
designation module is further configured to assign a virtual super-user identifier to the user. 

44. (Currently Amended) The system of claim 43, wherein the virtual super-user 
identifier comprises a super-user identifier and an indication of the virtual proc e ss virtual private 
server. 

45. (Previously Presented) The system of claim 41, wherein the virtual super-user 
designation module is further configured to assign a user identifier to the user and store the user 
identifier and an indication of the virtual private server associated with the user in a virtual super- 
user list. 

46. (Previously Presented) The system of claim 41 , wherein the system call wrapper is 
further configured to assign a super-user identifier to the user. 

47. (Currently Amended) The system of claim 41 , wherein the intercepted syst e m call 
call to the operating system comprises a systom call call to the operating system for accessing a 
file. 
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48. (Currently Amended) The system of claim 47, wherein the intercepted syst e m call 
call to the operating system pertains to the virtual private server associated with the user when 
the file to be accessed is associated with the virtual private server. 

49. (Currently Amended) The system of claim 4 1 , wherein the intercepted syst e m call 
call to the operating svstem comprises a syst e m call call to the operating system for terminating a 
process. 

50. (Currently Amended) The system of claim 49, wherein the intercepted syst e m call 
call to the operating system pertains to the virtual private server associated with the user when 
the process to be terminated is associated with the virtual private server. 

5 1 . (Currently Amended) The system of claim 41, wherein the intercepted syst e m call 
call to the operating svstem comprises a syst e m call call to the operating system for terminating 
all processes associated with the virtual private server, and wherein the system call wrapper is 
further configured to identify each process associated with the virtual private server and 
terminate each identified process. 

52. (Previously Presented) The system of claim 5 1 , further comprising: 

an association data structure for storing associations between processes and virtual private 
servers, wherein the system call wrapper is further configured to identify each 
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process by its association with the virtual private server in the association data 
structure. 

53.-55. (Cancelled) 

56. (Currently Amended) The system of claim 41, wherein the system call wrapper is 
further configured to disallow execution of the intercepted syst e m call call to the operating 
system in response to the intercepted system call call to the operating system not pertaining to the 
virtual private server associated with the user. 

57. (Currently Amended) The system of claim 41, wherein the system call wrapper is 
further configured to disallow execution of the intercepted syGtom call call to the operating 
system in response to the intercepted systom call call to the operating system comprising a 
system call call to the operating system for inserting a module into an operating system kemel. 

58. (Currently Amended) The system of claim 41, wherein the system call wrapper is 
further configured to execute the syst e m call call to the operating system . 
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